Another article has published over at MSSQLTips.com. This one covers how to identify what stored procedures are set to run when SQL Server starts up as well as what jobs are set to run when SQL Server Agent comes online. An attacker could use both of these places to embed code to regain access to a SQL Server You can read the article here: